From owner-freebsd-security  Wed Oct  4 10:14:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139])
	by hub.freebsd.org (Postfix) with ESMTP id B085637B66C
	for <security@freebsd.org>; Wed,  4 Oct 2000 10:14:52 -0700 (PDT)
Received: (qmail 89756 invoked by uid 1000); 4 Oct 2000 17:16:02 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 4 Oct 2000 17:16:02 -0000
Date: Wed, 4 Oct 2000 12:16:02 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: security@freebsd.org
Subject: Re: OpenBSD Security Advisory (fwd)
Message-ID: <Pine.BSF.4.21.0010041215240.89315-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.BSF.4.21.0010041215242.89315@achilles.silby.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Are we patched?

Mike "Silby" Silbersack

---------- Forwarded message ----------
Date: Wed, 4 Oct 2000 00:31:03 -0700
From: K2 <ktwo@KTWO.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: OpenBSD Security Advisory

Hi,
        Here is another exploit for an application (fstat) that
OpenBSD's
format string audit has seemingly forgotten about.  What I would like to
know is why this and a number of other privileged applications have
security vulnerabilities in them. They WERE fixed, but NO ADVISORY nor
ANY MENTION IN THEIR DAILY CHANGLOG!  How can the impact of the
vulnerability not be realized when they occur in something as privileged
as that would be using pw_error()?




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message